NXDOMAIN redirection in BIND 9.9

Matus UHLAR - fantomas uhlar at fantomas.sk
Mon Oct 3 14:48:19 UTC 2011


>On 9/30/2011 6:21 PM, Shawn Bakhtiar wrote:
>>"We came to the conclusion that no matter how much we wanted it to 
>>not be true, people find a way to do NXDOMAIN if they want to. The 
>>issue is not ours to push, it's between the ISP and the customer 
>>ultimately, and people will do it -- and more intrusively -- than 
>>BIND 9.9 will."
>>
>>That is just giving in. To what WILL end up being akin (is akin) to 
>>taking away access. The argument that everyone is doing it so let's 
>>just facilitate it is a bad one. This is a cave in to bad behavior 
>>which borders on freedom of speech violation, since your 
>>sanctioning the ability to arbitrarily redirecting (without 
>>redirecting) content. Important part being the sanctioning of.
>>
>>http://en.wikipedia.org/wiki/DNS_hijacking

On 30.09.11 19:43, David Miller wrote:
>You get to run your network how ever you like.  This is your right.  
>Turn the feature on if you like -or- make sure it is off if you don't 
>like it.

and he can blame ISC for providing the feature at all.

>You don't get to tell others how to run their networks.  Well... you 
>can tell them, but they don't have to listen to you...

He does, and (for example) you listen.

>Many organizations want to do NXDOMAIN redirections on their 
>resolvers on their own internal networks or on guest wireless 
>networks or on whatever networks they control for whatever reasons 
>they like.

and most of them are invalid, ill and sick. This won't change, 
especially since we can expect more of people do it now, when ISC 
provides a way do to it.

>Other resolvers have had the ability to do NXDOMAIN redirections for 
>many years.  The pressures keeping ISPs from implementing NXDOMAIN 
>redirections has never been the fact that BIND didn't support it.

I hoped that ISC stays out of the world where companies will break 
DNS to do something it is not designed for. Now I see it doesn't.
Bad.
-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.



More information about the bind-users mailing list